Lucene search
K

10 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.8 views

netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References7
Veracode
Veracode
added 2026/06/16 6:38 p.m.8 views

HTTP Request Smuggling

Netty is vulnerable to HTTP Request Smuggling. The vulnerability is due to HttpObjectDecoder improperly ignoring non-CRLF control characters before the request line, which allows an attacker to create request-boundary confusion between front-end and back-end components and potentially smuggle...

5.3CVSS5.2AI score0.00232EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/12 4:16 p.m.59 views

CVE-2026-50020

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all...

5.3CVSS0.00232EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:55 p.m.10 views

CVE-2026-50020 Netty's HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all...

5.3CVSS5.4AI score0.00232EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:55 p.m.71 views

CVE-2026-50020

Netty (network framework) contains a flaw in HttpObjectDecoder: prior to reading the first request-line, it ignores all ISO control bytes (0x00–0x1F, 0x7F) plus whitespace, beyond what RFC 9112 allows. This can cause request-boundary confusion in pipelined or multiplexed transports. Affects Netty...

5.3CVSS5.4AI score0.00232EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48904

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description Before reading the first request-line, the HttpObjectDecoder function silently skips all whitespace and every byte for which Character.isISOControlb is true...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-50020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the...

5.3CVSS5.5AI score0.00232EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 12:44 p.m.5 views

GHSA-Q382-VC8Q-7JHJ Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

The Go SDK recently transitioned to the segmentio/encoding library for JSON parsing in version 1.3.1. While this change addressed both case-insensitivity and ASCII folding issues, the new parser implemented aggressive key matching that treated keys with null Unicode characters appended at the end...

8.2CVSS5.8AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.20 views

FreeBSD : amavisd-new -- multipart boundary confusion (0a48e552-e470-11ee-99b3-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a48e552-e470-11ee-99b3-589cfc0f81b0 advisory. - The Amavis project reports: Emails which consist of multiple parts Content-Type: multipart/ incorpora...

7.4CVSS7.4AI score0.00826EPSS
Exploits0References3
Veracode
Veracode
added 2024/01/30 6:46 p.m.14 views

Key Boundary Confusion

wolfssl is vulnerable to Key Boundary Confusion attack. The vulnerability is due to wolfSSL failing to enforce boundaries between DTLS messages handled by different keys, allowing for the amalgamation of messages meant for different security contexts into a single record...

5.3CVSS6.7AI score0.00513EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder